← Back to Skills Marketplace
Agent Comm Skill
by
404-UNKNOW
· GitHub ↗
· v0.1.0
266
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-comm-skill
Description
Enables DID registration, cryptographic signing, verification, Relay connection, and end-to-end encryption for secure AI agent communication.
README (SKILL.md)
Agent Communication Skill (PassDeck)
This skill provides the security and networking foundation for AI Agent swarms. It handles DID (Decentralized Identity) registration, cryptographically secure signing using Ed25519, and E2EE (End-to-End Encryption) for sensitive data.
🚀 Key Actions
agent.register
- Description: Registers a new local agent identity or restores an existing one. Returns the agent's unique DID.
- Parameters:
{ alias?: string } - Output:
{ localId: string, did: string, publicKey: hex }
message.sign
- Description: Signs a payload using the agent's private key. Ensures data integrity and non-repudiation.
- Parameters:
{ localId: string, payload: any } - Output:
{ signature: hex }
message.verify
- Description: Verifies a signed message against a public key. Used to detect data tampering or unauthorized updates.
- Parameters:
{ publicKeyHex: string, payload: any, signatureHex: string } - Output:
{ verified: boolean }
network.connect
- Description: Establishes an authorized connection to a Relay server. Implements a DID challenge-response handshake.
- Parameters:
{ sessionId: string, localId: string, did: string, onUpdate: function } - Output:
{ success: true }
secret.encrypt / secret.decrypt
- Description: High-level E2EE functions for managing secure credentials within the collaborative pool.
- Parameters:
{ payload/ciphertext: any, sessionKey: string } - Output:
{ ciphertext/decrypted: any }
Usage Guidance
This skill appears to implement what it claims, but review these points before installing:
- Key storage: the vault stores privateKey and publicKey as hex in data/keystore/<localId>.keys.json (mode 0o600). Make sure the skill will run in a directory where those files are appropriately protected and that you accept local disk storage of secret material. Consider running in an isolated container or using a hardware-backed keystore if available.
- Relay endpoints: the code will connect to any relayUrl you provide (default ws://localhost:3001). Only connect to relays you trust; verify the relay server address before invoking network.connect to avoid connecting to untrusted hosts.
- Packaging/build: plugin.json points to dist/index.js but the bundle provides source files (index.js/index.ts) and no dist/. The platform will need to install npm deps and possibly build. Verify the exact install/build steps and dependency integrity (npm registry, lockfile) before running.
- Dependencies: verify and audit dependencies (libsodium-wrappers, ws, uuid and transitive deps). The bundle contains a package-lock.json — use it to validate package integrity or vendor the dependencies if you require stricter supply-chain controls.
- Small oddities: an included dependency 'loro' appears in package.json but is unused in the code; this is likely harmless but worth confirming there are no hidden/unused modules that might be introduced later.
If you need higher assurance, run the skill in an isolated environment, inspect the keystore files after registration, and perform a network capture while exercising network.connect to confirm it only talks to intended relays.
Capability Analysis
Type: OpenClaw Skill
Name: agent-comm-skill
Version: 0.1.0
The skill bundle provides legitimate cryptographic and networking primitives for AI agent communication, including DID registration, Ed25519 signing, and E2EE using libsodium. The implementation in index.ts and scripts/vault.js aligns perfectly with the stated purpose in SKILL.md, utilizing standard libraries (libsodium-wrappers, ws, loro) for secure identity management and message passing. No evidence of data exfiltration, malicious execution, or prompt injection was found; sensitive keys are stored locally with appropriate file permissions (0o600).
Capability Assessment
Purpose & Capability
The skill name/description (agent comm, DID, signing, E2EE, relay) matches the code and SKILL.md actions. The implementation (index.js/ts + scripts/vault.js) implements identity generation, signing, verifying, symmetric encryption, and a WebSocket relay handshake. Small mismatches: plugin.json entry points to dist/index.js but no dist/ directory is provided in the bundle, and package.json lists a dependency ('loro') that is not used in the source — these are packaging issues but do not contradict the stated purpose.
Instruction Scope
SKILL.md exports a narrow set of actions (agent.register, message.sign/verify, network.connect/broadcast, secret.encrypt/decrypt) and the runtime code implements those. The code only reads/writes a local keystore path (process.cwd()/data/keystore) and connects to a relay URL provided by the caller (defaulting to ws://localhost:3001). There are no instructions to read unrelated system files or environment variables, nor to transmit data to hardcoded remote endpoints.
Install Mechanism
The repository contains source and a package.json with npm dependencies (libsodium-wrappers, ws, uuid). There is no explicit install spec in the skill metadata — the platform will need to install dependencies or run a build to use the skill. This is not inherently malicious but requires the platform to run npm install / build steps; verify dependency integrity and the build process before running.
Credentials
No environment variables or external credentials are requested (proportional). However, the vault module writes private keys to disk under data/keystore in the current working directory and stores privateKey in hex in a JSON file with file mode 0o600. Storing private keys on disk is expected for this use case but is sensitive — confirm where the working directory is and who can access those files on your system.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It stores its own keystore files under a local path and keeps in-memory WebSocket connections; it does not modify other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-comm-skill - After installation, invoke the skill by name or use
/agent-comm-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Agent Communication Skill (PassDeck):
- Provides secure identity registration (DID) and management for agents.
- Supports Ed25519 cryptographic signing and message verification.
- Enables E2EE (End-to-End Encryption) with easy encryption/decryption functions.
- Includes secure relay network connection via DID challenge-response handshake.
- Exposes core actions: agent registration, message signing/verifying, network connect, secret encryption/decryption.
Metadata
Frequently Asked Questions
What is Agent Comm Skill?
Enables DID registration, cryptographic signing, verification, Relay connection, and end-to-end encryption for secure AI agent communication. It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.
How do I install Agent Comm Skill?
Run "/install agent-comm-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Comm Skill free?
Yes, Agent Comm Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Agent Comm Skill support?
Agent Comm Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Comm Skill?
It is built and maintained by 404-UNKNOW (@404-unknow); the current version is v0.1.0.
More Skills